PHP Password Reset by Email
HTML-код
- Опубликовано: 8 фев 2025
- Learn how to create secure password reset by email using PHP, MySQL and best practices.
This is part 2 of Signup and Login with PHP and MySQL:
‣ • Signup and Login with ...
Please consider supporting my channel:
☕ ko-fi.com/dave...
Code shown in the video:
‣ github.com/dav...
Relevant documentation:
‣ github.com/PHP...
Videos referenced:
‣ Signup and Login (part 1): • Signup and Login with ...
‣ Sending email with PHP: • Send email with PHP | ...
00:00 Introduction
00:24 How it works
02:09 Starting point
02:17 Forgot password
04:08 Database changes
05:03 Send password reset
08:47 PHPMailer
13:25 Send reset email
14:17 Process link in email
16:42 Password reset form
17:49 Reset password
20:40 Summary
#PHP #MySQL #signup #login #passwordreset
This is part 2. Part 1 is here: Signup and Login with PHP and MySQL:
‣ ruclips.net/video/5L9UhOnuos0/видео.html
and part 3 is here: PHP Account Activation by Email:
‣ ruclips.net/video/kC0AIip7Bww/видео.html
Working on my final project and now I added this option to my project, thank you very much
What other related functionality would you like to see? Coming soon - account activation by email!
Maybe a real-life project with clean coding, using API?
Hi Dave, great content! I recently decided to progress to learning Laravel and wondered if this was something you have any experience with, or were planning to cover in the future? Love your courses by the way! Cheers, Adam
please show how to do this exactly with the env file to store the sensitive data externally
@@ahooton Thank you! I will do some Laravel tutorials at some point in the future, yes
@@zmOe1 I just published this: ruclips.net/video/L5E2HSHrDjw/видео.html
dave is the best of all times in php. His api course is AMAZING. the explanations are beyound the language, you learn the concepts and how implement it in practice
Who else has waited for this?
Very good php man
Thanks, really clear coverage of a fairly complex process. 👍
Thank You very much for the nice tutorial, I learn something new today
You are indeed a great teacher Dave
Shear PHP Coding Wizardry.
Deep appreciation, sir.
Wishing that you would make a video on the things to do to make a website scalable.
Thank you Dave, I've had frustrations looking for a way out with doing secured password recovery/ reset
your vid has really helped me a lot in making a good proj. and also thank you for keeping your code free to use
Nice explanation, understood instantly, thanks. Suscribed.
Thank you very much Sr. ¡I apreciate all your knowledge!
Very much enjoying your tutorials. I am not understanding how/where to add the on-page client-side validation as was done on the process signup page mentioned at 19:08.
What exactly is your problem? Do you get any errors?
@@dave-hollingworth I would like to add the server side validation,
like you did to signup.html, to forgot-password php. I added the "Just
Validate" script and the validation js file. I also added id=signup
at the beginning of form, but I don't get any validation errors and the form
will not process.
I suspect what I am doing wrong is obvious, but just not to me :)
@1PostWise Try looking in the browser developer tools in the js console or the network tab to see if there are any errors there
Living treasure Thank you for the great work
Thank you so much sire always love Your coding and the simple syntax you use to teach special greetings ❤❤❤❤❤
great tutorial thanks :)
Thank you very much. God bless you.
Thank you 😇
Thanks for your knowledge and your code I used them in signups and they worked for me perfect. And when are you planning to record a tutorial on how to create avater image
bro plz tell me didi the domains worked correctly
BEST!!
On the mail.php page, specify in the SMTP settings configuration, what is meant by email and password? Is it the one that belongs to the personal gmail, and what is the account added to the host? Please respond as soon as possible.
The email and password are the ones you use to authenticate with the SMTP server. In the case of Gmail, this would be your full Gmail address and application password (you have to create a specific application password to use the Gmail SMTP server)
really you are good
thank you boss
good day sir, on time frame 10:02 you declare require __DIR__ . "/vendor/autoload.php"; May I know why you declare autoload.php but is not included in your file directory?
This file is generated automatically when you install packages using Composer
@@dave-hollingworth Thank you so much.
13:39 it appears: Message could not be sent. Mailer error: SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server Additional SMTP info: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolutionMessage sent, please check your inbox.
Can you guys please help me to fix this problem now?
I extremely appreciate, thank you very much
Message could not be sent. Mailer error: SMTP Error: Could not authenticate.
@@jamestrey3049This is an issue with the SMTP server hostname (e.g. smtp.example.com) or the authentication credentials (the username and password you use to connect to the server)
@@dave-hollingworth Yes, I already changed its statement. But eventually It appears SMTP Error: Could not authenticate.
Please help me
Do you mean the password we use is the app password of Google?
@@jamestrey3049 If it's saying you could not authenticate, this is usually a problem with the username and password. If you're using Gmail, this will be your email address and application-specific password.
Can you add a video for creating admin roles
Like adding super admin and admin please
Great content David, part 3 with 2FA with option to enable or disable it?
Perfect ❤❤❤❤❤❤
thank you so much .
really great content, thank you for that. It may be a stupid question but wouldn't it be easier to send the user to the sign-up page and skip the check if the email is already taken? (or just delete the user and let him sign up again)
You could do, but the signup page is more complex than the password reset page, requiring more fields, more validation etc. so it's easier to let them reset their password by just supplying their email. As for deleting the user and letting them sign up again, yes you could do that, but that would require you to do that. Letting the user reset their own password requires no intervention on your part. (much better if you have many users!)
Thanks sir
Great as always 👍
I know videos are made so that they can be easy to understand but, Maybe It would be better and more practical, instead of using files and require them like: $var = require.....;, we can just create functions in one file and use them everywhere we need. 😊
Yes you're right. I try to avoid adding code that would distract from the lesson being taught in the video, so I keep it as simple as possible, but a different way to organise the code would be better as the codebase builds.
I love his tutorials but he did it in his first video and I was a bit confused. $mysqli = require __DIR__ . "/database.php"; What does this mean. This variable is for the database connection in the databse.php file.
Such situation I made the reset password structure by your video, the main problem that google account now vanished the opportunity to make less app secure in google/account/security, out there I made password app in 2 factor authentication and use it in my project, but, have been always when try to reset the password, have the same error *SMTP Error: Could not authenticate* , someone speaks it point on incorrect credentials, however, credentials fine 100%, someone speak the structure of the project now does not fit for google requirements and therefore we have always the error, someone know how to resolve it? as long as someone have faced with the same issue ?
same
could you please make a video on search algo like in a social media website where we can find people to connect with?
Hello dave, i have a problem about your tutorial did you made some clarification or double checking the reset password?, because when i try to submit a form it didn't clarify the confirmation password neither if the password length was correct or have some numbers on it. Please i need to fix this issues.
Are you referring to the client-side or server-side validation?
@@dave-hollingworth i already check the code its just i missed this ';" to insert. thank you for your tutorial I'm still learning about php. 😁
sir, please help my reset-password.php page not working
mail massage click with example domain show
i was able to update the token but when I click the link sent to the email, it keep says token not found
I have a security question:
What happens if an hacker ipotetically puts 0 as the password recovery token?
Would the program recognise it as a valid recovery token and let the hacker change the password of the first entry of an user with a recovery token not set (set to null) or worse change the passwords of all the users with a recovery token not defined?
sorry in advance for the bad english
Good question - the user record is found based on the hash of the supplied token. If you hash "0", you still get a full hexadecimal string. So when the user record is searched for that matches that string, none will be found, and therefore none will be updated. So this shouldn't be a problem.
Hello Dave. Everything works properly but the email, it doesn't create an hyperlink but instead write out the whole
You need to set the email format to HTML:
$mail->isHTML(true);
@@dave-hollingworth Thanks brother it works fine now. 🤝
Thankyou for this tutorial I am learning in your videos but is there another way? PHP mailer doesnt work now if you use gmail cause google disabled the function less secure apps in gmail😕
Search for "smtp server" (there are free and paid ones available)
@@dave-hollingworth Im truly grateful for your assistance!
please in reset-password. php i don't understand if we must put $token_hash in the place of ? in the query $sql="select * from user where reset_token_hash=?"; because i think ? will replace $_get['token']
and in the table user we store reset token hash and not the token
help please
just i want a clarification
thx in advance
i think this :
$stmt->bind_param("s", $token_hash);
in the script reset-password.php will put $token_hash in place of ?
so because i don't know this ligne of code
do you confirm me?
thx in advance
The Hash Code also created on the php table.I have installed the phpmailer in the composer. But I cannot get the Vendor Folder and Autoload. Sir how can i get the vendor folder also autoload file
Make sure you ran the composer install command from the root folder
why did you set reset_token_hash is unique?
That field is used to uniquely identify a user. In the (albeit unlikely) event of two tokens being generated that are equal, the situation could arise that a user could reset the password of another user's account. So we set it to be unique in the database to avoid this situation.
Which IDE are you using?
Visual Studio Code
I am trying to reset the "reset_token_hash" and "reset_token_expires_at" to null after I successfully reset my password but the values are not turning null. I checked the database and the code and all were copied perfectly. Is there any idea on how to fix this?
Could it be that the database columns don't accept null values?
I can't update my password? do you why?
Hello, I've tried everything to get this to work however I'm struggling. I keep getting "token not found' after running the process-reset-password.php. I can confirm that the token is there, on the email and is being displayed in the "hidden" form when visible but still I get this error. I thought it might have been an issue with the hash, and so I have completely removed the hash and the checks for the hash, but I'm in the same boat. Can anyone help?
Try debugging by printing out the values of the token at various points, to see if it's getting lost somewhere. You can also compare your code to the code from the video in the repository.
the PHP script may generate a token that already exists ...
Sir please tell how to send email using codeigniter 3
theres an error whenever i click the link on mail:
Not Found
The requested URL was not found on this server.
Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.3.30 Server at localhost Port 80
Check the URL matches your hostname (e.g. localhost, example.com etc.) and the path to the file (/reset-password.php, or /subfolder/reset-password.php etc.) and the filename matches it
amazing , if u can help upload photo and can edit it .please
Hii how to download vendor/autoload.php please give me link
This file is generated automatically when you install packages using Composer
@@flavoredtears3898 When you run the "composer install" command, it will create the vendor folder in the same folder you run it from - check the output of that command to make sure there were no errors
Why does mine display "Token not Found" even though the token is correct for the given URL?
Hard to say without seeing the code - try debugging by printing out the values of the $_GET variable etc. at different stages using var_dump
Mine is exactly the same, did you manage to fix this?
Hi sir, i tried and success to run it but after a month a open it got this error. can you help me please? Fatal error: Uncaught Error: Call to a member function setFrom() on int in C:\xampp\htdocs\fyp\send-password-reset.php:28 Stack trace: #0 {main} thrown forgot password
What is on that line of code? (line 28)
I saw my smtp account is disabled restricted access just now, is it the issue why I got error?😮
Hmm I write the code for u just now but I don't know why it didn't show here...
@@sakuralee9800 Try putting the code on something like pastebin and posting the URL here
@@dave-hollingworth I can fix it already, thank you sir 😁
Dear Dave, thank you so much for this tutorial. It is great. Very clear explanation and nice voice.
I do have a problem.
When I run your script on my computer, locolhost, everything works fine.But when I FTP it to my site I get an error.
When I klick the send-button, i get: the page could not be processed. HTTP ERROR 500. When I choose another file, (forgotmail.php, ipv send-password-reset.php) it loads the page (forgotmail.php. When I paste the code from send-password.php insode forgotmail.php, iit does not work anymore. Can you understand this?
Kind regards and thank you in advance
A 500 error means an error is occurring on the server - to see error details you need to add this to your code:
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
This will tell you where the error is occurring
@@dave-hollingworth It was a problem with the authorisation ... problem solved. Now it works like charm. Thanks again Dave!
👏👏👏
Message sent, please check your inbox. but not sending the message. What is the errors..?
Try adding this to your code before the redirect happens:
$mail->SMTPDebug = 2;
exit;
This will show the debug errors from the SMTP server.
❤❤
I installed composer but it only downloads vendor/phpmailer without anything inside it
Check your file explorer isn't hiding certain files, and you have enough disk space. Also see if there were any error messages when you ran the Composer command
Message could not be sent. Mailer error: SMTP Error: Could not authenticate.
What is the problem?
Check the user and password you're using to authenticate with the SMTP server
Getting the same error, as far as I know my username and password for the SMTP server is correct as well as the settings for the SMTP server. Can I ask what server you're using? Or if you fixed it?
@@Doyleur the same as on the video, but i didn't fix it :
@@Doyleur I use mailgun. You can always try the SMTP settings in a regular email client (e.g. Thunderbird) to see if they work there
i got email has already taken on sign up but email doesnt taken
Please have a look at some of the other comments where people have had a similar problem and posted a solution
Hello Dave.
First, thanks for your lessons. They are great!
For me, the reset-password.php file does not work on my domain, PHP version 7.4
Reports an error: Failed to load resource: the server responded with a status of 500 ()
An error occurs when executing this line: $stmt->bind_param('s', $token_hash);
PHP 7.4 no longer receives security updates, I recommend updating it as soon as you can. A 500 error is an error on the server - see this video on how to see the actual error message: ruclips.net/user/shortst6KpIfHPFGw?feature=share
Thanks for your reply. It didn't help me. If I change the PhP version, then other things don't work for me. I am not familiar with PhP. The above error occurs when executing this line:> $result = $stmt->get_result();@@dave-hollingworth
Can you suggest an alternative method ?
how to set up composer?
Follow the instructions for your operating system here: getcomposer.org/doc/00-intro.md
wheres the tutorial to set up smtp ?
ruclips.net/video/fIYyemqKR58/видео.html
Where is Autoload.php
In the vendor folder
I'm now getting this
"Message could not be sent. Mailer error: SMTP Error: Could not authenticate.Message sent, please check your inbox."
Is it a firewall issue with smtp server?
Hi @dave-hollingworth. In the last step of the "process_reset_password" I'm comming across a following problem: Fatal error: Uncaught Error: Call to a member function bind_param() on bool in C:\xampp\htdocs\TCC\TCC\process-reset-password.php:39 Stack trace: #0 {main} thrown in.
Could you help me to solve it out!?
This means $stmt contains false - check the SQL is valid
@@dave-hollingworth thanks Dave, I’ve found the error 👍
thx a lot all work well however the only problem for me is when i click on signup and i write name ,email,...and i click send always show me this message:email alreay taken although the email is not used so in this case i insert manually id,name,email..into the table user and i succeed to do all the other things.
help please
thx in advance
Try adding this line:
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
@@dave-hollingworth you know i went to cafee and now i return to my laptop and i try again however in this all works well without adding anything thx very much best friend
Hello dave, thank you for the great video however, It shows here that in my code
Warning: Undefined array key "email" in C:\xampp\htdocs\dms\send-password-reset.php on line 3
pls help me
What code is on line 3?
please I am getting an error, Message could not be sent. Mailer error: SMTP Error: Could not authenticate. Massage sent, please check your inbox
Check the username and password you're using for your SMTP server
thanks you are the best@@dave-hollingworth
Fatal error: Maximum execution time of 120 seconds exceeded in C:\xampp\htdocs\projects\test\template\demo\vendor\phpmailer\phpmailer\src\SMTP.php on line 1269
send-password.php code its not working its not updating reset_token_hash and the reset_token_expires_at any help ?
Do you get any error messages? Try temporarily stopping the script before it redirects so you can see them
Thanks for your reply , i really appreciate your Code the problem was at the DB Connection yours is a Prepared statement mine was a Normal connection , what do u think Prepared Statement is more secure or both are good , also there was an bug at your Register Process the client can use someone elses data to register for example you forgot to prevent duplicated inserts :)@@dave-hollingworth
please in reset-password. php i don't understand if we must put $token_hash in the place of ? in the query $sql="select * from user where reset_token_hash=?"; because i think ? will replace $_get['token']
and in the table user we store reset token hash and not the token
help please
just i want a clarification
thx in advance